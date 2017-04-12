TERRAFORM IN ACTION The road to IAC
WHO AM I ➤ Damien Pacaud ➤ Director of infrastructure @ teads ➤ Dev & Ops ➤ In love with automation ➤ twitter.com/serty2
INFRA AS CODE ? Blueprints to your infra
OUR INFRASTRUCTURE ➤ 2 AWS Regions ➤ EU-WEST-1 ➤ US-EAST-1 ➤ Highly elastic platform ➤ 6M RPM average traffic ➤ Peak aroun...
OUR NEEDS ➤ Operate a 3rd region ➤ Reverse engineer existing regions ➤ Build a staging environment ➤ Better support turnov...
ONE SOLUTION ➤ Infrastructure as code ➤ Templates describing your infra ➤ Documentation is in the code ➤ Easier to create ...
OUR CHOICE ➤ Terraform ➤ Support for many providers ➤ Cloud IAAS : AWS / GCP / Azure ➤ Virtualization : vSphere / vCloud D...
TERRAFORM Hello world and beyond
provider "aws" { region = "eu-west-1" profile = "perso" } resource "aws_vpc" "vpc_perso" { cidr_block = "10.0.0.0/16" enab...
PLAN
APPLY
STATE
RESULT
WHAT ABOUT TEAMWORK ?
TEAMWORK :: BACKENDS ➤ Store your state file(s) remotely using terraform backend ➤ Many different backend available (azure...
TEAMWORK :: STATE LOCKING ➤ Locking is pretty new ➤ introduced in 0.9.0 ➤ Only works with S3, Consul and Local backends ➤ ...
TEAMWORK :: REMOTE APPLY (CI) ➤ Mutual agreement from team ➤ No-one should apply from its machine ➤ Jenkins only will appl...
MODULES Because DRY
WHAT ARE MODULES ? ➤ A module ➤ is just a folder containing terraform templates ➤ defines a reusable component ➤ is compos...
MODULE DECLARATION :: MAIN.TF #VPC resource "aws_vpc" "vpc" { cidr_block = "${var.vpc_cidr}" enable_dns_hostnames = true e...
MODULE DECLARATION :: OUTPUTS.TF output "vpc_id" { value = "${aws_vpc.vpc.id}" } output "main_route_id" { value = "${aws_v...
MODULE DECLARATION :: VARIABLES.TF variable "vpc_cidr" {} variable "env" {} variable "aws_region" {} variable "domain_name...
USING MODULES :: MAIN.TF module "vpc_staging" { source = "git::git@github.com/myorg/mymodule.git//vpc?ref=0.1" aws_region ...
USING MODULES :: OUTPUTS.TF output "vpc_staging_id" { value = "${module.vpc_staging.vpc_id}" } output "vpc_prod_id" { valu...
USING MODULES ➤ Modules allows to reuse the same code in different environments ➤ The same module can be used with differe...
OUR PATH WITH TERRAFORM what we’ve learnt
A FEW RULES :: SOURCE CONTROL ➤ Jenkins and Jenkins only will apply ➤ Work on Feature Branch, plan on Feature Branch (thro...
A FEW RULES :: ENVIRONMENTS ➤ No unit tests available ➤ Use a staging environment ➤ Always test your code / module in stag...
A FEW RULES :: ISOLATION ➤ Large state files are impractical ➤ Changing something may lead to risking everything ➤ The sma...
A FEW RULES :: DIRECTORY STRUCTURE ➤ Define directory level variables ➤ i.e. : environment.tf ➤ contains env and profiles ...
ISSUES Terraform’s Dark Side
STILL NOT 1.0 ➤ Development is very active ➤ New releases will break compatibility ➤ Read changelog before updating ➤ Secr...
STILL NOT 1.0 ➤ RTFM ➤ and read it carefully ➤ ex : Security Group name / description ➤ Declarative, Declarative, Declarat...
ONE MORE THING
WE’RE HIRING ➤ Many positions open ➤ We have great arguments ➤ Talk to your friends ➤ https://teads.tv/teads-jobs/
QUESTIONS ?
Slides of my presentation to the AWS User Group Meetup in Montpellier.
Describes our use of terraform at Teads (http://www.teads.tv)

×